Cisco Support Community
Community Member

NAC, script or template to modify registry

Anyone got a template or script which would modify the necessary registry settings so that clean access agent will notice when the vlan changes and then would refresh ipconfig?

I've deployed the NAC 4.1.3 in a OOB Layer 3 with central CAS deployment. I've noticed that when you clear the certified device list users that are still logged in are placed in the untrusted VLAN but since the port never goes down the IP address on the client doesn't change. I can't enable port bouncing because I have IP phones. So we could enable RetryDetection in the registry along with PingArp but this requires I know how to mass modify registry setting via group policy. So does anyone have a adm template or logon script example I could use to accomplish this? I don't have the knowledge to make this happen. Any ideas? Thanks


Re: NAC, script or template to modify registry

I believe there is a bug with the NAC Agent code were it is too aggressive in renewing the IP address. This was corrected in NAC Agent and newer

But the information you are looking for is located at the following link:

Access to Authentication VLAN Change Detection on Clients with Multiple Active NICs

Re: NAC, script or template to modify registry

After rereading your posting, I realize this information will not assist you.

CreatePlease to create content